IT Services

Log Management

Quite simply, without log management you have little chance of knowing what’s going on, or what’s happened. Every compliance standard recommends its use. There are subtle differences between the two terms, log management and SIEM.

1. Log management is generally considered the collection of event log information from at least the key components within your infrastructure. This includes servers, firewalls, networking equipment (including WiFi) etc. These logs are kept safe for 1 year as dictated by compliance and good practice. They provide incredibly useful insight, and, as all information is held centrally, it can be searched quickly and efficiently, helping with forensic investigations as well as general troubleshooting.

2. SIEM solutions generally take things to the next level (while providing all of the above). Working out what’s going on is incredibly complex, even on fairly modest systems.

SIEM solutions combine event correlation (making sense of the vast volume of logs), threat intelligence, network- and host-based IDS, vulnerability scanning, etc. They present this in a dashboard format which effectively prioritises events. This makes it simpler for skilled engineers to make sense of what’s going on in real time, and to determine the best course of action. In short, they are the most proactive way of dealing with cyber threats.
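The difference between the two terms, shown in working code. This is an added example and not code from the page's author or from any product: it collects constructed log lines from a server, a firewall and a WiFi controller into one searchable central store (the log-management part), then runs one correlation rule over that store and prioritises the result (the SIEM part). Hostnames, IP addresses, the log formats and the thresholds are all assumptions made up for the illustration.

```python
"""Central log store with search, plus one SIEM-style correlation rule.

Added illustration, not code from the page's author. Log formats, hosts,
IP addresses and thresholds are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three sources a log-management setup would collect.
SERVER_LOG = """\
2024-03-01T10:00:01 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:15 web01 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00 web02 sshd: Accepted password for deploy from 198.51.100.2
"""
FIREWALL_LOG = """\
2024-03-01T09:59:50 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-03-01T10:00:00 fw01 ALLOW src=203.0.113.7 dst=10.0.0.10 dport=22
"""
WIFI_LOG = """\
2024-03-01T10:01:00 ap-lobby assoc client=aa:bb:cc:dd:ee:ff ssid=Corp
"""

SERVER_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FIREWALL_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
WIFI_RE = re.compile(r"^(\S+) (\S+) assoc client=(\S+) ssid=(\S+)$")


def parse_lines(text, source):
    """Normalise raw lines from one source into a common event schema."""
    events = []
    for line in text.splitlines():
        if source == "server" and (m := SERVER_RE.match(line)):
            ts, host, outcome, user, ip = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": source, "host": host,
                           "type": "auth_fail" if outcome == "Failed" else "auth_ok",
                           "user": user, "src_ip": ip})
        elif source == "firewall" and (m := FIREWALL_RE.match(line)):
            ts, host, action, src, dst, port = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": source, "host": host,
                           "type": "fw_" + action.lower(), "src_ip": src,
                           "dst_ip": dst, "dport": int(port)})
        elif source == "wifi" and (m := WIFI_RE.match(line)):
            ts, host, client, ssid = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": source, "host": host,
                           "type": "wifi_assoc", "client": client, "ssid": ssid})
    return events


def build_store():
    """Log management: every source's events merged centrally and ordered by time."""
    events = (parse_lines(SERVER_LOG, "server") + parse_lines(FIREWALL_LOG, "firewall")
              + parse_lines(WIFI_LOG, "wifi"))
    return sorted(events, key=lambda e: e["ts"])


def search(store, **criteria):
    """Field-equality search across all sources, e.g. search(store, src_ip="203.0.113.7")."""
    return [e for e in store if all(e.get(k) == v for k, v in criteria.items())]


def correlate(store, fail_threshold=3, window=timedelta(minutes=2)):
    """SIEM-style rule: at least `fail_threshold` authentication failures from one
    IP inside `window`, followed by a success from that IP, raises an alert; a
    firewall deny from the same IP shortly beforehand raises its priority further."""
    alerts = []
    fails_by_ip = defaultdict(list)
    for e in store:
        if e["type"] == "auth_fail":
            fails_by_ip[e["src_ip"]].append(e["ts"])
        elif e["type"] == "auth_ok":
            recent = [t for t in fails_by_ip[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                denies = [d for d in search(store, type="fw_deny", src_ip=e["src_ip"])
                          if e["ts"] - d["ts"] <= window]
                alerts.append({"priority": "critical" if denies else "high",
                               "host": e["host"], "user": e["user"], "src_ip": e["src_ip"],
                               "failures": len(recent), "prior_denies": len(denies), "ts": e["ts"]})
    order = {"critical": 0, "high": 1}  # dashboard ordering: most urgent first
    return sorted(alerts, key=lambda a: order[a["priority"]])


if __name__ == "__main__":
    store = build_store()
    print(f"{len(store)} events held centrally")
    for a in correlate(store):
        print(a["priority"].upper(), a)
```

The point of the two halves: `build_store` and `search` give you the retention and fast cross-source lookup that log management promises, while `correlate` is the part a SIEM adds, turning three separate log lines that each look harmless into one prioritised event that an engineer can act on in real time.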